Posted
by
BeauHDon Thursday May 03, 2018 @05:45PM
from the lock-it-up dept.

An anonymous reader quotes a report from Ars Technica: Today, Google is releasing an open source framework for the development of "confidential computing" cloud applications -- a software development kit that will allow developers to build secure applications that run across multiple cloud architectures even in shared (and not necessarily trusted) environments. The framework, called Asylo, is currently experimental but could eventually make it possible for developers to address some of the most basic concerns about running applications in any multi-tenant environment. Container systems like Docker and Kubernetes are designed largely to allow untrusted applications to run without exposing the underlying operating system to badness. Asylo (Greek for "safe place") aims to solve the opposite problem -- allowing absolutely trusted applications to run "Trusted Execution Environments" (TEEs), which are specialized execution environments that act as enclaves and protect applications from attacks on the underlying platform they run on.

When I see a company that is deploying docker containers on AWS, I see a company that has a shitty build system. They can't write simple scripts to install software (and the key is to keep them simple).

This is especially true because on AWS you already start with images in a known state, you don't have a lot of special cases here (which would be the case if you were deploying to end-user desktop machines). I guess most programmers have trouble figuring stuff out or something.

Yeah, Docker is built for running trusted software, not untrusted software.

If you want to run untrusted software, VMware was designed for that.......but doesn't do a great job. If you're running Linux, it's not hard to set up your own container. If you're using BSD, you can set up a jail.

Google has realized they need to get back their control over Android, and DRM is their golden ticket.
So what is TEE and pals?

Each CPU has a burned in public key. A publisher can encrypt binary specifically for the public key of yours, and such a blob will run only and only on a CPU with burned in private key, like sort of smartcard on steroids. This can be paired with remote attestation and what not, but it's no different from, say, CPU, acting as your SIM card (which is actually one of such use cases)